Compila rnetserver e rnetclient.

[cascardo/rnetproxy.git] / hcconn_ssl.c

/*
** Copyright (C) 2006 Thadeu Lima de Souza Cascardo <cascardo@minaslivre.org>
** Copyright (C) 2009 Thadeu Lima de Souza Cascardo <cascardo@minaslivre.org>
**  
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**  
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**  
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
**  
*/

#include <gnutls/gnutls.h>
#include <glib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include "hcconn_internal.h"

struct ssl_data
{
  gnutls_session_t session;
  GString *buffer;
  gboolean handshaking;
  gboolean failed;
  gpointer lowconn;
};

#define DH_BITS 1024
void *
hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
{
  static int initialized = 0;
  static gnutls_certificate_credentials_t cred;
  gnutls_dh_params_t dh_params;
  if (initialized)
    return cred;
  gnutls_dh_params_init (&dh_params);
  gnutls_dh_params_generate2 (dh_params, DH_BITS);
  gnutls_certificate_allocate_credentials (&cred);
  gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
                                        GNUTLS_X509_FMT_PEM);
  gnutls_certificate_set_dh_params (cred, dh_params);
  initialized = 1;
  return cred;
}

static void *
ssl_server_get_credentials(void)
{
  return hc_conn_ssl_server_init_credentials (NULL, NULL);
}
 
static void
ssl_server_session_new (gnutls_session_t *session)
{
  static void *cred;
  cred = ssl_server_get_credentials ();
  gnutls_init (session, GNUTLS_SERVER);
  gnutls_set_default_priority (*session);
  gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
  gnutls_dh_set_prime_bits (*session, DH_BITS);
}
#undef DH_BITS

static void
ssl_client_session_new (gnutls_session_t *session)
{
  int kx_prio[] = {GNUTLS_KX_RSA, 0};
  gnutls_certificate_credentials cred;
  gnutls_certificate_allocate_credentials (&cred);
  gnutls_init (session, GNUTLS_CLIENT);
  gnutls_set_default_priority (*session);
  gnutls_kx_set_priority (*session, kx_prio);
  gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
}

static struct ssl_data *
ssl_data_new (int server)
{
  struct ssl_data *ssl;
  ssl = g_slice_new (struct ssl_data);
  if (server)
    ssl_server_session_new (&ssl->session);
  else
    ssl_client_session_new (&ssl->session);
  ssl->buffer = g_string_sized_new (4096);
  ssl->handshaking = FALSE;
  ssl->failed = FALSE;
  return ssl;
}

static void
ssl_data_destroy (struct ssl_data *ssl)
{
  gnutls_deinit (ssl->session);
  g_string_free (ssl->buffer, TRUE);
  g_slice_free (struct ssl_data, ssl);
}

static ssize_t
ssl_push (gnutls_transport_ptr_t ptr, const void *buffer, size_t len)
{
  HCConn *conn = ptr;
  struct ssl_data *ssl = conn->layer;
  hc_conn_write (ssl->lowconn, (void *) buffer, len);
  return len;
}

static ssize_t
ssl_pull (gnutls_transport_ptr_t ptr, void *buffer, size_t len)
{
  HCConn *conn = ptr;
  struct ssl_data *ssl = conn->layer;
  int r;
  if (ssl->handshaking == TRUE)
    {
      r = hc_conn_read (ssl->lowconn, buffer, len);
      return r;
    }
  if (len > ssl->buffer->len)
    {
      r = ssl->buffer->len;
      memcpy (buffer, ssl->buffer->str, r);
      g_string_truncate (ssl->buffer, 0);
    }
  else
    {
      r = len;
      memcpy (buffer, ssl->buffer->str, r);
      g_string_erase (ssl->buffer, 0, r);
    }
  if (r == 0)
    {
      errno = (EAGAIN);
      return -1;
    }
  return r;
}

static void
ssl_server_handshake (HCConn *conn)
{
  struct ssl_data *ssl = conn->layer;
  int error;
  if ((error = gnutls_handshake (ssl->session)) < 0)
    {
      if (gnutls_error_is_fatal (error))
        {
          g_critical ("Fatal error while doing TLS handshaking: %s\n",
                      gnutls_strerror (error));
          ssl->failed = TRUE;
        }
    }
  else
    {
      ssl->handshaking = FALSE;
      if (conn->func)
        conn->func (conn, HC_EVENT_CONNECT, conn->data);
    }
}

static void
ssl_server_connect (HCConn *conn)
{
  struct ssl_data *ssl = conn->layer;
  gnutls_transport_set_ptr (ssl->session, (gnutls_transport_ptr_t) conn);
  gnutls_transport_set_push_function (ssl->session, ssl_push);
  gnutls_transport_set_pull_function (ssl->session, ssl_pull);
  ssl->handshaking = TRUE;
  ssl_server_handshake (conn);
}

static void
hc_conn_ssl_close (gpointer data)
{
  struct ssl_data *ssl = data;
  if (ssl != NULL)
    {
      gnutls_bye (ssl->session, GNUTLS_SHUT_RDWR);
      hc_conn_close (ssl->lowconn);
      ssl_data_destroy (ssl);
    }
}

static ssize_t
hc_conn_ssl_read (gpointer data, gchar *buffer, size_t len)
{
  struct ssl_data *ssl = data;
  return gnutls_record_recv (ssl->session, buffer, len);
}

static ssize_t
hc_conn_ssl_write (gpointer data, gchar *buffer, size_t len)
{
  struct ssl_data *ssl = data;
  return gnutls_record_send (ssl->session, buffer, len);
}

void
hc_conn_ssl_watch (HCConn *conn, HCEvent event, gpointer data)
{
  char buffer[4096];
  HCConn *ssl_conn = data;
  struct ssl_data *ssl = ssl_conn->layer;
  int r;
  switch (event)
    {
    case HC_EVENT_READ:
      if (ssl->handshaking)
        {
          ssl_server_handshake (ssl_conn);
          /* FIXME: create HC_CONN_ERROR */
          if (ssl->failed && ssl_conn->func)
            ssl_conn->func (ssl_conn, HC_EVENT_CLOSE, ssl_conn->data);
          return;
        }
      while ((r = hc_conn_read (ssl->lowconn, buffer, sizeof (buffer))) > 0)
        g_string_append_len (ssl->buffer, buffer, r);
      if (ssl_conn->func && !ssl->handshaking)
        ssl_conn->func (ssl_conn, event, ssl_conn->data);
      break;
    case HC_EVENT_CLOSE:
      if (ssl_conn->func)
        ssl_conn->func (ssl_conn, event, ssl_conn->data);
    }
}

static int
hc_conn_set_driver_ssl (HCConn *conn, HCConn *lowconn, int server)
{
  struct ssl_data *ssl;
  ssl = ssl_data_new (server);
  if (ssl == NULL)
    return -1;
  ssl->lowconn = lowconn;
  conn->layer = ssl;
  conn->read = hc_conn_ssl_read;
  conn->write = hc_conn_ssl_write;
  conn->close = hc_conn_ssl_close;
  hc_conn_set_callback (lowconn, hc_conn_ssl_watch, conn);
  ssl_server_connect (conn);
  return 0;
}

int
hc_conn_set_driver_ssl_client (HCConn *conn, HCConn *lowconn)
{
  return hc_conn_set_driver_ssl (conn, lowconn, 0);
}

int
hc_conn_set_driver_ssl_server (HCConn *conn, HCConn *lowconn)
{
  return hc_conn_set_driver_ssl (conn, lowconn, 1);
}

void
hc_conn_ssl_server_set_priority (HCConn *conn, char *priority)
{
  struct ssl_data *ssl;
  ssl = conn->layer;
  gnutls_priority_set_direct (ssl->session, priority, NULL);
}